National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2005-2088 Detail

Current Description

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Source:  MITRE
Description Last Modified:  07/05/2005
View Analysis Description

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) (V2 legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional Information:
Allows unauthorized modification

Vendor Statements (disclaimer)

Official Statement from Apache (07/02/2008)

Fixed in Apache HTTP Server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://docs.info.apple.com/article.html?artnum=302847
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
http://securityreason.com/securityalert/604
http://securitytracker.com/id?1014323
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.debian.org/security/2005/dsa-803
http://www.debian.org/security/2005/dsa-805
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_46_apache.html
http://www.redhat.com/support/errata/RHSA-2005-582.html
http://www.securiteam.com/securityreviews/5GP0220G0U.html Exploit
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded
http://www.securityfocus.com/bid/14106
http://www.securityfocus.com/bid/15647
http://www.ubuntu.com/usn/usn-160-2
http://www.vupen.com/english/advisories/2005/2140
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/1018
http://www.vupen.com/english/advisories/2006/4680
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html

References to Check Content

Identifier:
oval:org.mitre.oval:def:11452
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11452
Identifier:
oval:org.mitre.oval:def:1237
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1237
Identifier:
oval:org.mitre.oval:def:1526
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1526
Identifier:
oval:org.mitre.oval:def:1629
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1629
Identifier:
oval:org.mitre.oval:def:840
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:840

Technical Details

Vulnerability Type (View All)

Change History

3 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2005-2088
NVD Published Date:
07/05/2005
NVD Last Modified:
10/10/2017